package com.fzhiyu.xiaofengblog.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        //禁用CSRF
        http.csrf().disable();
        http
                .authorizeHttpRequests(auth -> auth
                        //允许所用用户访问 / 和 /home
                        .requestMatchers("/", "/home").permitAll()
                        //其他请求需要身份验证
                        .anyRequest().authenticated()
                )
                //配置表单登录
                .formLogin(form -> form.loginPage("/login").permitAll())
                //配置注销
                .logout(logout -> logout.permitAll());

        return http.build();

    }
//    @Bean
//    public UserDetailsService userDetailsService() {
//        // 创建一个内存中的用户
//        UserDetails user = User.withDefaultPasswordEncoder()
//                .username("user")
//                .password("password")
//                .roles("USER")
//                .build();
//
//        return new InMemoryUserDetailsManager(user);
//    }
}
